A React app needs to send a custom `X-Tenant-ID` header to an API. Which server-side CORS response header is required for the browser to allow this request?

React JS interview question for Advanced practice.

Answer

Access-Control-Allow-Headers

Explanation

Sending a custom header makes the request "non-simple", triggering a preflight `OPTIONS` request. The server's response to this preflight must include the `Access-Control-Allow-Headers` header, and its value must contain the name of the custom header (`X-Tenant-ID`). If this header is missing or doesn't include `X-Tenant-ID`, the browser will block the actual request.
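The preflight exchange described above, as an added example that is not part of the original page: the server answers the `OPTIONS` request from a fixed allowlist, and a simplified browser-side check decides whether the real request may go out. The origin `https://app.example.com`, the allowlists, the `X-Debug` header and all function names are constructed for illustration; the browser check covers only the preflight status and header-name matching.

```javascript
// Constructed sample policy (assumptions, not from the original page).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const ALLOWED_HEADERS = ["content-type", "x-tenant-id"];

// Split a comma-separated header value into lowercase header names.
function parseHeaderList(value) {
  return (value || "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
}

// Server side: build the response to a preflight OPTIONS request.
// It answers from a fixed allowlist instead of echoing back whatever
// Access-Control-Request-Headers the client sent.
function buildPreflightResponse(reqHeaders) {
  const origin = reqHeaders["origin"];
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {} };
  return {
    status: 204,
    headers: {
      "access-control-allow-origin": origin,
      "access-control-allow-methods": "GET, POST",
      "access-control-allow-headers": ALLOWED_HEADERS.join(", "),
      "vary": "Origin",
    },
  };
}

// Browser side (simplified): the preflight must succeed and every custom
// header must appear in Access-Control-Allow-Headers, case-insensitively.
function browserAllowsHeaders(customHeaders, preflightResponse) {
  const { status, headers } = preflightResponse;
  if (status < 200 || status > 299) return false;
  const allowed = parseHeaderList(headers["access-control-allow-headers"]);
  return customHeaders.every((h) => allowed.includes(h.toLowerCase()));
}

// Run both sides for one request that carries the given custom headers.
function simulatePreflight(origin, customHeaders) {
  const preflightRequest = {
    "origin": origin,
    "access-control-request-method": "POST",
    "access-control-request-headers": customHeaders.map((h) => h.toLowerCase()).join(", "),
  };
  return browserAllowsHeaders(customHeaders, buildPreflightResponse(preflightRequest));
}

console.log(simulatePreflight("https://app.example.com", ["X-Tenant-ID"]));
console.log(simulatePreflight("https://app.example.com", ["X-Tenant-ID", "X-Debug"]));
```

Keeping the allowlist explicit means a new custom header fails the preflight until someone deliberately adds it to the policy.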
